Subject: Verifying and updating NetBSD
To: None <email@example.com>
From: Anand Buddhdev <firstname.lastname@example.org>
Date: 10/04/2004 09:25:52
I am a NetBSD newbie, mostly used to RedHat Fedora so far. I have
recently installed NetBSD 1.6.2/i386 on a server. The installation was
not smooth. The system already had Debian on it, which I chose to
overwrite, and let NetBSD use the entire disk. However, on first boot, I
got the error "invalid partition table", and the server would not boot.
I repeated the installation, following the same steps, but I got the
same error. Finally, I booted a linux system and using the linux fdisk,
erased all the partitions from the disk, after which, an installation of
NetBSD went well. The reason I resorted to linux was that I did not know
how to erase all the partitions using the NetBSD fdisk on the install
CD. Reading the manpage did not make it any clearer. I tried using the
-u option to interactively modify the partition table, and put 0 for the
start and end points of the partitions, but it did not appear to chnage
the table. Have I missed something?
I went on to install pkgsrc, and I am very impressed with it :) It is so
simple to add software! And with a combination of lintpkgsrc and
audit-packages, I can keep the packages updated.
However, I cannot find any such similar mechanism for the base system.
If I log into a NetBSD system, how do I tell what patches or updates it
needs? Is there any tool on the system which I can run to tell me of
unpatched software in the base system? I have read the NetBSD guide on
keeping a stable system updated, using CVS, and recompiling the source.
But that would take too much time, if only 2 or 3 files need updating,
for example. I know I can also recompile a part of the source tree to
update a vulnerable program, but how do I know if a certain NetBSD
system is already patched or not. Is there a concept of a 'patchlevel',
like in Solaris, which allows an admin to know which patches have and
have not been applied to a system?
Finally, I see that the base ships with sendmail, postfix and bind, all
of which are old/buggy versions. I have seen that I can use the packages
system to add new versions of these packages, and make them run instead
of the old versions. However, I would still prefer to completely remove
the old versions, to avoid (1) confusion and (2) stop someone from
exploiting the old program which exist on the system. Is there a clean,
way to remove these old packages? Is there, for example, a file list
somewhere describing which files need to be removed to erase, for
example, the bind the ships in the base system?
I ask this, because I am used to RPMs under RedHat/Fedora. In that
system, everything is packegised, including things like sendmail,
postfix, bind, and even the kernel. This makes it easy to remove all
unwanted software from a system. Is there any plan for NetBSD to
packegise the base system at any point?